
Staying secure in the Cloud is a business imperative


Diwakar Dayal

Cloud computing has allowed modern organizations to scale at incredible rates, transforming how organizations collaborate and operate. While cloud adoption grows across all industries, its inherent risks have expanded alongside it. This steers security leaders towards implementing the right cybersecurity strategies to protect their cloud environments.


Growing Security Threats in the Cloud

Organizations use the cloud to host web applications and store their data. That time-sensitive data and those business-critical web applications generate huge revenues.

The real goal of cloud security is to defend those applications and the underlying infrastructure in the cloud. Applications in the cloud process sensitive data, and that data attracts adversaries who want to steal the information, resell it on the dark web, or use it to conduct a ransomware attack. The adversaries then extort money from the victim company, which is trying to recover an application that the ransomware incident has encrypted.


Three Cloud-Based Attack Vectors

Adversaries or threat actors gain initial access for their cyber-attacks in one of three ways.

1. Misconfigured Resources


Number one on the list is misconfigured cloud resources that are accidentally made publicly accessible on the internet when they shouldn't be; such resources can be breached within minutes.

Adversaries continuously scan the internet, including AWS IP ranges, for any type of resource exposed to the internet. If that resource contains sensitive data, or connects to other resources through overly permissive identity roles or permissions, the organization experiences a cloud breach.
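The two conditions above, a resource opened to the whole internet and a permission set broader than the workload needs, can both be read straight out of a resource policy. The following audit helper is an added example written for this article, not SentinelOne code; it walks a constructed S3 bucket policy and flags Allow statements whose principal is public (with no Condition narrowing it) or that grant wildcard actions on wildcard resources.

```python
import json

# Constructed example bucket policy (not from the article): one statement
# makes objects readable by anyone on the internet, another grants every
# action on every resource to an internal role, and one is properly scoped.
CONSTRUCTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AdminRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "*", "Resource": "*"},
        {"Sid": "Scoped", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/reader"},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

def _as_list(value):
    # IAM policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # Principal "*" or {"AWS": "*"} means any caller, including anonymous ones.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_policy(policy_json):
    """Return (sid, issue) pairs for Allow statements that expose a resource
    publicly or grant wildcard actions on wildcard resources."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no sid>")
        if _is_public(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((sid, "public principal without Condition"))
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
            findings.append((sid, "wildcard action on wildcard resource"))
    return findings

if __name__ == "__main__":
    for sid, issue in audit_policy(CONSTRUCTED_POLICY):
        print(f"{sid}: {issue}")
```

A Condition block (for example restricting the source VPC or IP range) is treated as narrowing a public principal, so only unconditioned public access is reported.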

2. Compromised Access Keys


Access keys come in two forms: long-lasting keys tied to IAM users, which behave much like a username and password, and ephemeral keys issued to IAM roles. Setting up access through IAM roles rather than IAM users is always the recommended approach, because roles carry ephemeral access keys while users carry long-lasting ones. Long-lasting access keys can be compromised in a number of ways: they can be stolen, or developers can hard-code them and later find that the code repository has been made public. Finding access keys and then using them to access cloud accounts is the second most common cloud-based risk organizations face.
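Because the long-lasting keys are the ones that end up hard-coded, a repository check that tells the two kinds apart is a practical control. The scanner below is an added example for this article (not SentinelOne or AWS code); it relies on the documented key-ID prefixes, "AKIA" for long-term IAM user keys and "ASIA" for temporary STS credentials, and runs over constructed file contents that include the placeholder key ID from AWS documentation.

```python
import re

# AWS access key IDs are 20 characters. Long-term keys (IAM users) start with
# "AKIA"; temporary keys issued by STS to assumed roles start with "ASIA".
LONG_TERM_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
TEMPORARY_KEY = re.compile(r"\bASIA[0-9A-Z]{16}\b")

# Constructed file contents standing in for a repository (not from the
# article). The AKIA value is the placeholder key ID used in AWS docs; the
# ASIA value is made up for this example.
CONSTRUCTED_SOURCE = """\
import boto3
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"   # hard-coded long-term user key
session = boto3.Session(aws_access_key_id=ACCESS_KEY)
# temporary key left behind in a debug log
# sts creds: ASIAEXAMPLE000000000 expires in 1h
"""

def scan_for_access_keys(text):
    """Return (line_number, key_type, key_id) for every access key ID found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in LONG_TERM_KEY.finditer(line):
            hits.append((lineno, "long-term", m.group()))
        for m in TEMPORARY_KEY.finditer(line):
            hits.append((lineno, "temporary", m.group()))
    return hits

def blocking_findings(text):
    """Long-term keys in source should block a commit or fail CI; temporary
    keys expire on their own but still point to a logging/handling problem."""
    return [h for h in scan_for_access_keys(text) if h[1] == "long-term"]

if __name__ == "__main__":
    for lineno, kind, key_id in scan_for_access_keys(CONSTRUCTED_SOURCE):
        print(f"line {lineno}: {kind} key {key_id}")
    print("commit blocked" if blocking_findings(CONSTRUCTED_SOURCE) else "ok")
```

The key ID alone is enough to fail the check; the matching secret key has no fixed prefix, so a hit on the ID should trigger rotation of that key rather than a search for its secret.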

3. Vulnerable Web Applications

Organizations use cloud providers to host web applications, and those applications can have exploitable vulnerabilities. There are several ways to protect applications from such vulnerabilities: one can scan the application for vulnerabilities, or put a web application firewall in front of it to limit the malicious actions that can be taken against it. However, once a threat actor has gotten in through that front door, they are able to move laterally and conduct various types of cloud attacks.


Hybrid & Multi-Cloud Risks

When organizations use multiple cloud providers, the same application is rarely run across all of them. More often, organizations pick one cloud provider for one type of workload and others for other types, because of each provider's specific capabilities.

With hybrid cloud, organizations store some of their data in a public cloud environment while simultaneously running other applications on-prem, which may itself be a private cloud environment. Security incidents can start on-prem and then move into the cloud, or vice versa. Most security solutions are relatively stovepiped, focusing on either cloud security or on-prem security. Because of that, many security solutions potentially miss these pivots between on-prem and cloud environments, limiting the ability to understand the full scope of an attack.


A user could accidentally enter credentials into a malicious website linked from a phishing email. An adversary would then use those credentials to log into the user's machine. From there, the actor could use privilege escalation techniques to acquire cloud admin credentials, or simply find them stored on the compromised machine.

With that access in hand, the threat actors could log into the cloud and create new users for themselves with the permissions needed to complete the rest of their mission in the cloud.

Cloud Native Application Protection Platforms (CNAPPs) can help


On-prem security and cloud security are stovepiped, each with its own deep specialization. CNAPPs take the opposite approach, merging the various cloud security tools into a single, more unified platform.

To completely and fully defend the cloud, organizational leaders need application security tools that can ensure the integrity and security of the code associated with the applications that they’re deploying to the cloud. They need security tooling to look at the development and deployment pipelines for that code.

When code is developed, it goes through a series of tests as it moves from beta to production environments. That pipeline itself needs to be secure.

Once the code is deployed into the cloud environment, one should make sure that the outer perimeter of that cloud environment is secure by putting in place network firewalls and web application firewalls. Security leaders need to secure the infrastructure where the code is running and monitor virtual machines, containers, databases, and the identities being used. Monitoring for misconfigurations, anomalies, and signs of adversary behavior needs to happen for all of those aspects of cloud computing.

The vision for CNAPP is uniting all these things together so that you can have a clear line of sight. CNAPP provides the ability to see malware that’s sitting on a machine in the cloud environment as well as visibility all the way back to the initial code repo that contains the instructions about how that machine should be deployed. This visibility translates to the ability to go back to the beginning and make sure that any misconfigurations in that initial deployment code are cleaned up.

To remain ahead of threat actors, organizations using cloud services must fully understand how the services are being implemented and maintained. Visibility within the cloud is critical to seeing how file sharing is being done, the type of data being stored and its security, and what applications are connected. The Cloud Security solution should ensure organizations get the right security in place to continue operating in their cloud infrastructures safely.

Authored By: Diwakar Dayal, Managing Director and Country Manager, SentinelOne India and the SAARC region